Do not use additional zend_object member

kocsismate · kocsismate · commit 4db8ae54ed4f · 2022-09-07T17:21:35.000+02:00
diff --git a/Zend/tests/readonly_props/readonly_clone_error1.phpt b/Zend/tests/readonly_props/readonly_clone_error1.phpt
diff --git a/Zend/tests/readonly_props/readonly_clone_error2.phpt b/Zend/tests/readonly_props/readonly_clone_error2.phpt
@@ -0,0 +1,42 @@
+--TEST--
+Readonly property cannot be reset after cloning when there is no custom clone handler
+--FILE--
+<?php
+
+class Foo {
+    public function __construct(
+        public readonly int $bar,
+        public readonly int $baz
+    ) {}
+
+    public function wrongCloneOld()
+    {
+        $instance = clone $this;
+        $this->bar++;
+    }
+
+    public function wrongCloneNew()
+    {
+        $instance = clone $this;
+        $instance->baz++;
+    }
+}
+
+$foo = new Foo(1, 1);
+
+try {
+    $foo->wrongCloneOld();
+} catch (Error $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
+try {
+    $foo->wrongCloneNew();
+} catch (Error $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
+?>
+--EXPECT--
+Cannot modify readonly property Foo::$bar
+Cannot modify readonly property Foo::$baz
diff --git a/Zend/tests/readonly_props/readonly_clone_error3.phpt b/Zend/tests/readonly_props/readonly_clone_error3.phpt
@@ -0,0 +1,44 @@
+--TEST--
+Readonly property cannot be reset after cloning when there is a custom clone handler
+--FILE--
+<?php
+
+class Foo {
+    public function __construct(
+        public readonly int $bar,
+        public readonly int $baz
+    ) {}
+
+    public function __clone() {}
+
+    public function wrongCloneOld()
+    {
+        $instance = clone $this;
+        $this->bar++;
+    }
+
+    public function wrongCloneNew()
+    {
+        $instance = clone $this;
+        $instance->baz++;
+    }
+}
+
+$foo = new Foo(1, 1);
+
+try {
+    $foo->wrongCloneOld();
+} catch (Error $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
+try {
+    $foo->wrongCloneNew();
+} catch (Error $exception) {
+    echo $exception->getMessage() . "\n";
+}
+
+?>
+--EXPECT--
+Cannot modify readonly property Foo::$bar
+Cannot modify readonly property Foo::$baz
diff --git a/Zend/tests/readonly_props/readonly_clone_success.phpt b/Zend/tests/readonly_props/readonly_clone_success.phpt
@@ -5,47 +5,35 @@ Readonly property can be reset once during cloning
 
 class Foo {
     public function __construct(
-        public readonly int $bar,
-        public readonly int $baz
+        public readonly int $bar
     ) {}
 
     public function __clone()
     {
         $this->bar++;
     }
-
-    public function wrongClone()
-    {
-        $instance = clone $this;
-        $instance->baz++;
-    }
 }
 
-$foo = new Foo(1, 1);
-$foo2 = clone $foo;
-var_dump($foo2);
+$foo = new Foo(1);
 
-try {
-    $foo->wrongClone();
-} catch (Error $exception) {
-    echo $exception->getMessage() . "\n";
-}
+var_dump(clone $foo);
 
-$foo3 = clone $foo2;
+$foo2 = clone $foo;
 var_dump($foo2);
 
+var_dump(clone $foo2);
+
 ?>
---EXPECT--
-object(Foo)#2 (2) {
+--EXPECTF--
+object(Foo)#%d (%d) {
   ["bar"]=>
   int(2)
-  ["baz"]=>
-  int(0)
 }
-Cannot modify readonly property Foo::$baz
-object(Foo)#2 (2) {
+object(Foo)#%d (%d) {
   ["bar"]=>
   int(2)
-  ["baz"]=>
-  int(0)
+}
+object(Foo)#%d (%d) {
+  ["bar"]=>
+  int(3)
 }
diff --git a/Zend/zend_API.c b/Zend/zend_API.c
@@ -1693,7 +1693,6 @@ static zend_always_inline zend_result _object_and_properties_init(zval *arg, zen
 
 	if (class_type->create_object == NULL) {
 		zend_object *obj = zend_objects_new(class_type);
-		obj->in_clone = 0;
 
 		ZVAL_OBJ(arg, obj);
 		if (properties) {
diff --git a/Zend/zend_enum.c b/Zend/zend_enum.c
@@ -44,7 +44,10 @@ zend_object *zend_enum_new(zval *result, zend_class_entry *ce, zend_string *case
 
 	ZVAL_STR_COPY(OBJ_PROP_NUM(zobj, 0), case_name);
 	if (backing_value_zv != NULL) {
-		ZVAL_COPY(OBJ_PROP_NUM(zobj, 1), backing_value_zv);
+		zval *prop = OBJ_PROP_NUM(zobj, 1);
+
+		ZVAL_COPY(prop, backing_value_zv);
+		Z_PROP_FLAG_P(prop) = 0;
 	}
 
 	return zobj;
@@ -180,7 +183,7 @@ void zend_enum_add_interfaces(zend_class_entry *ce)
 
 	if (ce->enum_backing_type != IS_UNDEF) {
 		ce->interface_names[num_interfaces_before + 1].name = zend_string_copy(zend_ce_backed_enum->name);
-		ce->interface_names[num_interfaces_before + 1].lc_name = zend_string_init("backedenum", sizeof("backedenum") - 1, 0);	
+		ce->interface_names[num_interfaces_before + 1].lc_name = zend_string_init("backedenum", sizeof("backedenum") - 1, 0);
 	}
 
 	ce->default_object_handlers = &enum_handlers;
diff --git a/Zend/zend_object_handlers.c b/Zend/zend_object_handlers.c
@@ -616,6 +616,8 @@ ZEND_API zval *zend_std_read_property(zend_object *zobj, zend_string *name, int
 					 * to make sure no actual modification is possible. */
 					ZVAL_COPY(rv, retval);
 					retval = rv;
+				} else if (Z_PROP_FLAG_P(retval) & IS_PROP_REINITABLE) {
+					Z_PROP_FLAG_P(retval) &= ~IS_PROP_REINITABLE;
 				} else {
 					zend_readonly_property_modification_error(prop_info);
 					retval = &EG(uninitialized_zval);
@@ -812,8 +814,8 @@ ZEND_API zval *zend_std_write_property(zend_object *zobj, zend_string *name, zva
 
 			if (UNEXPECTED(prop_info)) {
 				if (UNEXPECTED(prop_info->flags & ZEND_ACC_READONLY)) {
-					if (zobj->in_clone && !(Z_PROP_FLAG_P(variable_ptr) & IS_PROP_REINIT)) {
-						Z_PROP_FLAG_P(variable_ptr) |= IS_PROP_REINIT;
+					if (Z_PROP_FLAG_P(variable_ptr) & IS_PROP_REINITABLE) {
+						Z_PROP_FLAG_P(variable_ptr) &= ~IS_PROP_REINITABLE;
 					} else {
 						Z_TRY_DELREF_P(value);
 						zend_readonly_property_modification_error(prop_info);
@@ -1131,8 +1133,12 @@ ZEND_API void zend_std_unset_property(zend_object *zobj, zend_string *name, void
 
 		if (Z_TYPE_P(slot) != IS_UNDEF) {
 			if (UNEXPECTED(prop_info && (prop_info->flags & ZEND_ACC_READONLY))) {
-				zend_readonly_property_unset_error(prop_info->ce, name);
-				return;
+				if (Z_PROP_FLAG_P(slot) & IS_PROP_REINITABLE) {
+					Z_PROP_FLAG_P(slot) &= ~IS_PROP_REINITABLE;
+				} else {
+					zend_readonly_property_unset_error(prop_info->ce, name);
+					return;
+				}
 			}
 			if (UNEXPECTED(Z_ISREF_P(slot)) &&
 					(ZEND_DEBUG || ZEND_REF_HAS_TYPE_SOURCES(Z_REF_P(slot)))) {
diff --git a/Zend/zend_objects.c b/Zend/zend_objects.c
@@ -33,7 +33,6 @@ static zend_always_inline void _zend_object_std_init(zend_object *object, zend_c
 	object->ce = ce;
 	object->handlers = ce->default_object_handlers;
 	object->properties = NULL;
-	object->in_clone = 0;
 	zend_objects_store_put(object);
 	if (UNEXPECTED(ce->ce_flags & ZEND_ACC_USE_GUARDS)) {
 		ZVAL_UNDEF(object->properties_table + object->ce->default_properties_count);
@@ -193,16 +192,21 @@ ZEND_API zend_object* ZEND_FASTCALL zend_objects_new(zend_class_entry *ce)
 
 ZEND_API void ZEND_FASTCALL zend_objects_clone_members(zend_object *new_object, zend_object *old_object)
 {
+	bool has_clone_method = old_object->ce->clone != NULL;
+
 	if (old_object->ce->default_properties_count) {
 		zval *src = old_object->properties_table;
 		zval *dst = new_object->properties_table;
 		zval *end = src + old_object->ce->default_properties_count;
 
 		do {
-			Z_PROP_FLAG_P(src) &= ~IS_PROP_REINIT;
 			i_zval_ptr_dtor(dst);
 			ZVAL_COPY_VALUE_PROP(dst, src);
 			zval_add_ref(dst);
+			if (has_clone_method) {
+				Z_PROP_FLAG_P(dst) |= IS_PROP_REINITABLE;
+			}
+
 			if (UNEXPECTED(Z_ISREF_P(dst)) &&
 					(ZEND_DEBUG || ZEND_REF_HAS_TYPE_SOURCES(Z_REF_P(dst)))) {
 				zend_property_info *prop_info = zend_get_property_info_for_slot(new_object, dst);
@@ -213,7 +217,7 @@ ZEND_API void ZEND_FASTCALL zend_objects_clone_members(zend_object *new_object,
 			src++;
 			dst++;
 		} while (src != end);
-	} else if (old_object->properties && !old_object->ce->clone) {
+	} else if (old_object->properties && !has_clone_method) {
 		/* fast copy */
 		if (EXPECTED(old_object->handlers == &std_object_handlers)) {
 			if (EXPECTED(!(GC_FLAGS(old_object->properties) & IS_ARRAY_IMMUTABLE))) {
@@ -247,6 +251,9 @@ ZEND_API void ZEND_FASTCALL zend_objects_clone_members(zend_object *new_object,
 				ZVAL_COPY_VALUE(&new_prop, prop);
 				zval_add_ref(&new_prop);
 			}
+			if (has_clone_method) {
+				Z_PROP_FLAG_P(&new_prop) |= IS_PROP_REINITABLE;
+			}
 			if (EXPECTED(key)) {
 				_zend_hash_append(new_object->properties, key, &new_prop);
 			} else {
@@ -255,11 +262,17 @@ ZEND_API void ZEND_FASTCALL zend_objects_clone_members(zend_object *new_object,
 		} ZEND_HASH_FOREACH_END();
 	}
 
-	if (old_object->ce->clone) {
+	if (has_clone_method) {
+		zval *prop;
+
 		GC_ADDREF(new_object);
-		new_object->in_clone = 1;
 		zend_call_known_instance_method_with_0_params(new_object->ce->clone, new_object, NULL);
-		new_object->in_clone = 0;
+
+		rebuild_object_properties(new_object);
+		ZEND_HASH_FOREACH_PTR(new_object->properties, prop) {
+			Z_PROP_FLAG_P(prop) &= ~IS_PROP_REINITABLE;
+		} ZEND_HASH_FOREACH_END();
+
 		OBJ_RELEASE(new_object);
 	}
 }
diff --git a/Zend/zend_types.h b/Zend/zend_types.h
@@ -503,7 +503,6 @@ struct _zend_object {
 	const zend_object_handlers *handlers;
 	HashTable        *properties;
 	zval              properties_table[1];
-	bool              in_clone;
 };
 
 struct _zend_resource {
@@ -1439,14 +1438,14 @@ static zend_always_inline uint32_t zval_delref_p(zval* pz) {
  * the Z_EXTRA space when copying property default values etc. We define separate
  * macros for this purpose, so this workaround is easier to remove in the future. */
 #define IS_PROP_UNINIT 1
-#define IS_PROP_REINIT 2
+#define IS_PROP_REINITABLE 2
 #define Z_PROP_FLAG_P(z) Z_EXTRA_P(z)
 #define ZVAL_COPY_VALUE_PROP(z, v) \
 	do { *(z) = *(v); } while (0)
 #define ZVAL_COPY_PROP(z, v) \
-	do { ZVAL_COPY(z, v); Z_PROP_FLAG_P(z) = Z_PROP_FLAG_P(v) & IS_PROP_UNINIT; } while (0)
+	do { ZVAL_COPY(z, v); Z_PROP_FLAG_P(z) = Z_PROP_FLAG_P(v); } while (0)
 #define ZVAL_COPY_OR_DUP_PROP(z, v) \
-	do { ZVAL_COPY_OR_DUP(z, v); Z_PROP_FLAG_P(z) = Z_PROP_FLAG_P(v) & IS_PROP_UNINIT; } while (0)
+	do { ZVAL_COPY_OR_DUP(z, v); Z_PROP_FLAG_P(z) = Z_PROP_FLAG_P(v); } while (0)
 
 
 #endif /* ZEND_TYPES_H */
